Fluent Bit Tag Key Input Sanitization Vulnerability in Input Plugins

Vulnerability

A vulnerability exists in the Fluent Bit input plugins for HTTP, Splunk, and Elasticsearch, all in version 4.1.0. These plugins do not properly sanitize tag_key inputs, so an attacker with network access, or with the ability to write records into Splunk or Elasticsearch, can inject special characters such as newlines or directory traversal sequences into tag_key values. The result can be newline injection, path traversal, forged record injection, or misrouting of logs, compromising data integrity and log management.

Impact

Exploitation of this vulnerability could result in newline injection, path traversal, forged record injection, or misrouting of logs, all of which can disrupt data integrity and log management processes.
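
One way a defender could validate a record-supplied tag value before it is used for routing or in output paths, shown as an added example that is not Fluent Bit's code or its fix. The function names, the allowlist, and the 256-byte limit are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define TAG_MAX_LEN 256   /* assumed limit, not a Fluent Bit constant */

/* Assumed allowlist for one tag byte: letters, digits, '.', '_' and '-'. */
static int tag_byte_ok(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '.' || c == '_' || c == '-';
}

/* Return 1 if a record-supplied value is safe to use as a tag, else 0.
 * The explicit length keeps an embedded NUL from hiding trailing bytes. */
int tag_value_is_safe(const char *val, size_t len)
{
    size_t i;
    if (val == NULL || len == 0 || len > TAG_MAX_LEN) {
        return 0;
    }
    if (val[0] == '.' || val[len - 1] == '.') {
        return 0;               /* no leading or trailing dot */
    }
    for (i = 0; i < len; i++) {
        if (!tag_byte_ok((unsigned char) val[i])) {
            return 0;           /* CR, LF, NUL, '/', '\\', space, ... */
        }
        if (val[i] == '.' && i + 1 < len && val[i + 1] == '.') {
            return 0;           /* ".." anywhere in the value */
        }
    }
    return 1;
}

/* Write the record value to out if it is safe, otherwise the operator's
 * fallback tag (must be non-NULL). Returns 1 (record value used),
 * 0 (fallback used) or -1 (out too small). */
int choose_tag(const char *val, size_t len, const char *fallback,
               char *out, size_t out_size)
{
    int ok = tag_value_is_safe(val, len);
    const char *src = ok ? val : fallback;
    size_t n = ok ? len : strlen(fallback);
    if (n + 1 > out_size) {
        return -1;
    }
    memcpy(out, src, n);
    out[n] = '\0';
    return ok;
}
```

Rejecting the value and falling back to a fixed tag, rather than stripping characters, keeps a record from being silently routed under a tag the sender partly controls.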

Added: Nov 24, 2025, 3:18 PM
Updated: Nov 24, 2025, 8:25 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 5.2
remediation: 0.0
relevance: 1.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.